RIAA and MPAA: Copyright holders should be allowed to use pretexting

The RIAA and MPAA are lobbying once again against an anti-pretexting law in …

The RIAA and MPAA have proposed an amendment to a bill in California that would allow the two industries to use deceptive practices known as pretexting to misrepresent themselves when dealing with businesses, according to a report in the L.A. Times. The music and movie industries argue that they need to be able to use pretexting methods in order to enforce their intellectual property rights.

President Bush signed into law a federal anti-pretexting bill this January, entitled the Telephone Records and Privacy Protection Act of 2006. The law bans anyone from "knowingly and intentionally" obtaining the phone records of a third party by misrepresenting themselves. Violators of the law face fines and jail time. The FCC also just released a new set of rules last week with the goal of strengthening consumer privacy. The rules include phone carriers not being allowed to release information to a customer without a password and immediate notification to the customer upon changing account information, notification of unauthorized disclosure, and modification of consent rules for carriers to disclose information to a partner. However, the federal law and the new FCC rules only addresses phone records and not other personal information, which is what the bill in California hopes to cover with the bill introduced in February of this year.

Under California's SB 328, "any information that identifies, relates to, describes, or is capable of being associated with, a particular individual" would be illegal to obtain by pretexting. This would include (but not be limited to) the individual's name, signature, social security number, physical characteristics, address, telephone calling pattern record or list, passport number, driver's license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information.

The RIAA and MPAA feel that the proposed bill is too broad and would undermine the industries' efforts to crack down on bootleggers and pirates. "While we commend the goal of this bill, we must oppose unless amended because as currently drafted it would gut our ability to investigate piracy—criminal acts under California law," an RIAA spokesperson told Ars Technica. "Understandably, however, these individuals don't identify themselves as RIAA investigators when trying to buy a counterfeit CD or gathering information on a pirate operation either—to do so would obviously defeat the effort from the onset. We've suggested amendatory language but are certainly open to other suggestions."

The industries' proposed amendment to the bill itself is rather broad, suggesting that any owner of intellectual property or trade secrets should be able to use "pretexting or other investigative techniques to obtain personal information about a customer or employee." Buckles maintains that the RIAA would never want to gain access to customer information, but under the broad wording of the amendment, other companies, organizations, or individuals with copyrights could do so very easily as long as they don't violate the current federal law in requesting phone records.

The MPAA argued this same angle once before against another Californian pretexting bill last year, saying that they needed to be able to pose as someone else in order to catch pirates. They succeeded at that time in killing the bill, just before the HP pretexting scandal came to light. Since then, the federal law against pretexting to obtain phone records was passed, making the public much more aware of the privacy violations involved in allowing pretexting practices to continue.

The bill was amended yesterday with some changes to the definition of personal records and what constitutes a "customer," but did not include the RIAA's proposed addition to the bill.

Jacqui Cheng
Jacqui is an Editor at Large at Ars Technica, where she has spent the last eight years writing about Apple culture, gadgets, social networking, privacy, and more. Emailjacqui@arstechnica.com//Twitter@eJacqui